Cyber Security
Mr Patrick Tay Teck Guan (Member of Parliament, West Coast GRC and Assistant Secretary-General, NTUC), the Guest-of-Honor at ISACA’s Governance, Technology, Audit, Control, Security (GTACS) 2019 conference (organised by ISACA Singapore Chapter, Marina Bay Sands, 15th May 2019). Photo credit: ISACA Singapore Chapter
ISACA Singapore Chapter GTACS 2019
By Jane Lo
28 | Asia Pacific Security Magazine
“Collaboration is a key ingredient to success in today’s changing world”, said Mr Patrick Tay Teck Guan (Member of Parliament, West Coast GRC and Assistant SecretaryGeneral, NTUC), the Guest-of-Honor at ISACA Singapore Chapter’s annual conference - Governance, Technology, Audit, Control, Security (GTACS) 2019. Addressing GTACS 2019 theme of “Managing Change, Embracing Uncertainty”, it is crucial to “stay ready, relevant and ahead of the curve”, Mr. Tay said. With rapid changes driven by the “ABCDEF” (acronym for “Artificial Intelligence, Blockchain, Cloud, Data, E-Commerce and Fintech), “expertise is no longer gained in a traditional 3-year program”, he explained. Instead, collaboration is key to promote the exchange of ideas, critical to the learning and upskilling process. “Speed to market” – the ability to respond and adapt to market changes – together with collaboration and skills are all the three essentials to “mange change and embrace uncertainty,” he added. “And ISACA Singapore will continue to partner U Associates to promote and advance the education and professional development of technology audit and cyber security,” he elaborated. Indeed, “uncertainty is constant in this world”, Mr Phoram Mehta (President, ISACA Singapore Chapter) noted at GTACS Opening address. Economic crisis and corporate scandals, innovations and
new information systems infrastructure have always raised expectations for improved standards, methods and techniques for controls and audits. What is different today is the exponential rate of change: rise of automation, proliferation of devices, increased frequency of breaches such as the recent SingHealth incident, amongst many others. Exchanging views on these tropical themes over networking breaks, ISACA members and industry thought leaders at GTACS 2019 also participated and shared through two dedicated tracks on topics of “Governance & Security + Compliance, Audit” and “Talent and HR”. GTACS theme “Managing Change, Embracing Uncertainty” was further expanded through industry talks ** which highlighted the need for proactive preparation and planning, and reflected the convergence of Cyber-Physical systems and an increasingly networked society. “Can you audit AI in the same way?” As a community of “networking, learning and mentoring” said Mr Leonard Ong (ISACA International VP, Director, ISACA International Board) at his opening address, ISACA equips its members in in navigating today’s sea of change. One such transformation is Artificial Intelligence (“AI”). “Can you audit AI in the same way?” he asked. There had been no shortage of regulatory, government agencies, and industry responses to transformational events, such as the Sarbanes Oxley Act, NIST publications, ISO standards. The Three Lines of Defence also gained prominence as risk control framework post the Great Financial Crisis. These developments played a part in evolving the audit profession: under the Sarbanes Oxley Act, audit of controls such as logging of network activities are mandatory; under the Three Lines of Defence, the auditors (third line) provides independent assurance to the risk-owner (first line) and risk manager (second line). The underlying common theme is “governance”, characterized by accountability and transparency through robust roles, responsibilities and policies. In fact, the annual gathering “GTACS” on-going since 1990s, was originally named “TACS” (Technology, Audit, Control, Security); “G” – governance was added to the official conference name in 1994. With AI, regulatory responses included Singapore’s proposed Model AI Governance Framework to address AI ethics concerns (e.g. data and algorithm biases). To be sure, such frameworks will guide future audit requirements and approaches. However, AI itself opens up opportunities for auditors, such as use cases that spot potential fraudulent activities from transactions and behavourial data fed through a machine-learning process. With more and more modern activities taking place online, leveraging digital data with AI to extract hidden insights can strengthen the organisation’s competitive positioning. No doubt, additional strategic inputs with predictive views that auditors offer will be invaluable. This, and many more opportunities can certainly be transformational for the profession, made possible with today’s innovations.